Commit c0bdb580 authored by Philippe Pepiot's avatar Philippe Pepiot
Browse files

[pyramid] set waitress url_scheme to https when base-url scheme is https


Since we do not configure trusted_proxy waitress ignore X-Forwarded-Proto
header and may generate http urls (pyramid request.url) when the instance is
behind a https reverse proxy. This cause cubicweb-signredrequest to not work
with since it rely on the url (including scheme).

Set url_scheme to 'https' when CubicWeb base-url scheme is https as a

branch : 3.25
parent b9ffd3216187
...@@ -350,13 +350,15 @@ class PyramidStartHandler(InstanceCommand): ...@@ -350,13 +350,15 @@ class PyramidStartHandler(InstanceCommand):
host = cwconfig['interface'] host = cwconfig['interface']
port = cwconfig['port'] or 8080 port = cwconfig['port'] or 8080
url_scheme = ('https' if cwconfig['base-url'].startswith('https')
else 'http')
repo = app.application.registry['cubicweb.repository'] repo = app.application.registry['cubicweb.repository']
warnings.warn( warnings.warn(
'the "pyramid" command does not start repository "looping tasks" ' 'the "pyramid" command does not start repository "looping tasks" '
'anymore; use the standalone "scheduler" command if needed' 'anymore; use the standalone "scheduler" command if needed'
) )
try: try:
waitress.serve(app, host=host, port=port) waitress.serve(app, host=host, port=port, url_scheme=url_scheme)
finally: finally:
repo.shutdown() repo.shutdown()
if self._needreload: if self._needreload:
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment